crypto

package
v0.24.0 Latest

Warning: This package is not in the latest version of its module.
Published: Jan 13, 2025 License: AGPL-3.0 Imports: 20 Imported by: 0

Documentation

Constants

const SecretKeySize = 32

SecretKeySize is the size of a secret key in bytes.

Variables

This section is empty.

Functions

func EncodeKeyVersion

func EncodeKeyVersion(key KeyVersion) ([]byte, error)

EncodeKeyVersion returns the base64-encoded binary representation of a key.

It encodes the key's binary data as base64 since some KMS keystore implementations do not accept or handle binary data properly.

Types

type HMACKey

type HMACKey struct {
	// contains filtered or unexported fields
}

HMACKey represents a secret key used for computing HMAC checksums.

func GenerateHMACKey

func GenerateHMACKey(hash Hash, random io.Reader) (HMACKey, error)

GenerateHMACKey generates a new random HMACKey with the specified hash function.

If random is nil the standard library crypto/rand.Reader is used.

func NewHMACKey

func NewHMACKey(hash Hash, key []byte) (HMACKey, error)

NewHMACKey creates a new HMACKey with the specified hash function and key.

The key must be 32 bytes long.

func (*HMACKey) Equal

func (k *HMACKey) Equal(mac1, mac2 []byte) bool

Equal reports whether mac1 and mac2 are equal without leaking any timing information.

func (*HMACKey) MarshalPB

func (k *HMACKey) MarshalPB(v *pb.HMACKey) error

MarshalPB converts the HMACKey into its protobuf representation.

func (*HMACKey) Sum

func (k *HMACKey) Sum(msg []byte) []byte

Sum computes and returns the HMAC checksum of msg.
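
The Sum and Equal pattern described above, sketched with the Go standard library as an added example; it is not this package's code. The helper names sum and verify and the sample messages are assumptions of the sketch.

```go
package main

import (
	"crypto/hmac"
	"crypto/sha256"
	"errors"
	"fmt"
)

// sum computes HMAC-SHA256 over msg. The key must be 32 bytes, the length
// the page requires for NewHMACKey.
func sum(key, msg []byte) ([]byte, error) {
	if len(key) != 32 {
		return nil, errors.New("key must be 32 bytes long")
	}
	mac := hmac.New(sha256.New, key)
	mac.Write(msg)
	return mac.Sum(nil), nil
}

// verify recomputes the checksum and compares it with hmac.Equal, whose
// running time does not depend on where the two values first differ.
// A tag of the wrong length is rejected as well.
func verify(key, msg, tag []byte) bool {
	want, err := sum(key, msg)
	return err == nil && hmac.Equal(want, tag)
}

func main() {
	key := make([]byte, 32) // constructed all-zero key, for the demo only
	tag, _ := sum(key, []byte("amount=100"))
	fmt.Println(verify(key, []byte("amount=100"), tag)) // genuine message
	fmt.Println(verify(key, []byte("amount=900"), tag)) // altered message
}
```

Comparing checksums with bytes.Equal or == instead would return as soon as a byte differs, which is the timing signal Equal is documented to avoid.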

func (HMACKey) Type

func (k HMACKey) Type() Hash

Type returns the HMACKey's hash function.

func (*HMACKey) UnmarshalPB

func (k *HMACKey) UnmarshalPB(v *pb.HMACKey) error

UnmarshalPB initializes the HMACKey from its protobuf representation.

type Hash

type Hash uint

Hash identifies a cryptographic hash function.

const (
	// SHA256 represents the SHA-256 hash function.
	SHA256 Hash = iota + 1
)

Supported cryptographic hash functions.

func (Hash) String

func (h Hash) String() string

String returns the string representation of the hash function.

type KeyVersion

type KeyVersion struct {
	Key       SecretKey    // The secret key
	HMACKey   HMACKey      // The HMAC key
	CreatedAt time.Time    // The creation timestamp of the key version
	CreatedBy kes.Identity // The identity of the entity that created the key version
}

KeyVersion represents a version of a secret key.

func ParseKeyVersion

func ParseKeyVersion(b []byte) (KeyVersion, error)

ParseKeyVersion parses b as a KeyVersion.

func (*KeyVersion) HasHMACKey

func (s *KeyVersion) HasHMACKey() bool

HasHMACKey reports whether the KeyVersion has an HMAC key.

Keys created in the past did not generate an HMAC key.

func (*KeyVersion) MarshalPB

func (s *KeyVersion) MarshalPB(v *pb.KeyVersion) error

MarshalPB converts the KeyVersion into its protobuf representation.

func (*KeyVersion) UnmarshalPB

func (s *KeyVersion) UnmarshalPB(v *pb.KeyVersion) error

UnmarshalPB initializes the KeyVersion from its protobuf representation.

type SecretKey

type SecretKey struct {
	// contains filtered or unexported fields
}

SecretKey represents a secret key used for encryption and decryption.

func GenerateSecretKey

func GenerateSecretKey(cipher SecretKeyType, random io.Reader) (SecretKey, error)

GenerateSecretKey generates a new random SecretKey with the specified cipher.

If random is nil the standard library crypto/rand.Reader is used.

func NewSecretKey

func NewSecretKey(cipher SecretKeyType, key []byte) (SecretKey, error)

NewSecretKey creates a new SecretKey with the specified cipher and key.

The key must be SecretKeySize bytes long.

func (SecretKey) Bytes

func (s SecretKey) Bytes() []byte

Bytes returns the raw key bytes.

func (SecretKey) Decrypt

func (s SecretKey) Decrypt(ciphertext, associatedData []byte) ([]byte, error)

Decrypt decrypts and authenticates the ciphertext and authenticates the associatedData.

The same associatedData used during encryption must be provided.

func (SecretKey) Encrypt

func (s SecretKey) Encrypt(plaintext, associatedData []byte) ([]byte, error)

Encrypt encrypts and authenticates the plaintext and authenticates the associatedData.

The same associatedData must be provided when decrypting.

func (*SecretKey) MarshalPB

func (s *SecretKey) MarshalPB(v *pb.SecretKey) error

MarshalPB converts the SecretKey into its protobuf representation.

func (SecretKey) Overhead

func (s SecretKey) Overhead() int

Overhead returns the size difference between a plaintext and its ciphertext.
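
The Encrypt, Decrypt and Overhead contract described above, sketched with the Go standard library's AES-256-GCM as an added example; it is not this package's code. The helper names newAEAD, seal and open, the nonce || ciphertext || tag layout and the sample context strings are assumptions of the sketch.

```go
package main

import (
	"crypto/aes"
	"crypto/cipher"
	"crypto/rand"
	"errors"
	"fmt"
)

// newAEAD builds AES-256-GCM, the mode the AES256 key type names.
func newAEAD(key []byte) (cipher.AEAD, error) {
	block, err := aes.NewCipher(key)
	if err != nil || len(key) != 32 { // 32 is the documented SecretKeySize
		return nil, errors.New("key must be 32 bytes long")
	}
	return cipher.NewGCM(block)
}

// seal returns nonce || ciphertext || tag (layout assumed for this sketch).
func seal(key, plaintext, associatedData []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	nonce := make([]byte, aead.NonceSize())
	if _, err := rand.Read(nonce); err != nil {
		return nil, err
	}
	return aead.Seal(nonce, nonce, plaintext, associatedData), nil
}

// open verifies the tag over ciphertext and associatedData before decrypting.
func open(key, sealed, associatedData []byte) ([]byte, error) {
	aead, err := newAEAD(key)
	if err != nil {
		return nil, err
	}
	n := aead.NonceSize()
	if len(sealed) < n+aead.Overhead() {
		return nil, errors.New("ciphertext too short")
	}
	return aead.Open(nil, sealed[:n], sealed[n:], associatedData)
}

func main() {
	// Constructed all-zero key and context string, for the demo only.
	ct, _ := seal(make([]byte, 32), []byte("data key"), []byte("tenant-a/key-1"))
	fmt.Println(len(ct) - len("data key")) // bytes added: nonce + tag
}
```

Passing a context such as a key name as associatedData means a ciphertext presented under a different context fails authentication in open instead of decrypting.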

func (SecretKey) Type

func (s SecretKey) Type() SecretKeyType

Type returns the SecretKey's type.

func (*SecretKey) UnmarshalPB

func (s *SecretKey) UnmarshalPB(v *pb.SecretKey) error

UnmarshalPB initializes the SecretKey from its protobuf representation.

type SecretKeyType

type SecretKeyType uint

SecretKeyType defines the type of a secret key. Secret keys with different types are not compatible since they may differ in the encryption algorithm, key length, cipher mode, etc.

const (
	// AES256 represents the AES-256-GCM secret key type.
	AES256 SecretKeyType = iota + 1

	// ChaCha20 represents the ChaCha20-Poly1305 secret key type.
	ChaCha20
)

Supported secret key types.

func ParseSecretKeyType

func ParseSecretKeyType(s string) (SecretKeyType, error)

ParseSecretKeyType parses s as the string representation of a SecretKeyType and returns an error if s is not a valid representation.

func (SecretKeyType) String

func (s SecretKeyType) String() string

String returns the string representation of the SecretKeyType.
